baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.26 For more details see changelog.txt and
  releasenotes.txt
  * This release includes all corrections included in 4.4.25.1
    through .3.
  * In 4.4.25, ACCEPT behaved in the BLACKLIST section the same way
    as in the other rules file sections. This could lead to
    connections  being accepted inadvertently.
    Now, ACCEPT behaves like WHITELIST; that is, it exempts the
    packet from the remaining rules in the BLACKLIST section.
  * Previously, Shorewall did not detect the ULOG and NFLOG
    capabilities. This lead to run-time failures during 'start' and
    'restart' as well as confusing error messages during
    compilation  when ULOG or NFLOG was used when the LOG target was
    not available.
    ULOG and NFLOG are now detected capabilities so, if you use a
    capabilities file, you will need to regenerate it in order to
    use these log levels.
  * The SAME tcrules target was broken in Shorewall 4.4.22. It now
    works correctly again.
  * Previously, 'shorewall6 update' did not update shorewall6.conf.
    The command now works as expected.
  * In earlier releases, the compiler was attempting to process the
    params file before it was aware of the setting of CONFIG_PATH.
    This could cause the params file to be missed if it was not located
    in /etc/shorewall[6] or in the directory named in the start
    (restart,compile,check,...) command.
    Now, /sbin/shorewall[6] passes $CONFIG_PATH to the compiler
    (/usr/share/shorewall/compiler.pl) in the new '--config_path'
    option.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.25.3  For more details see changelog.txt and
   releasenotes.txt
  * Correction of the produced ruleset when wildchars are used in
    the zone configuration

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

-  Update to 4.4.25.2 For more details see changelog.txt and
   releasenotes.txt
   
   * Previously, if all the following were true:
    - AUTOMAKE=Yes
    - Current compiled script (/var/lib/shorewall/firewall or
      /var/lib/shorewall6/firewall) up to date
    - LEGACY_FASTSTART=No
    - There was a saved configuration
    then rather than start the current configuration, 'shorewall 
    start -f' or 'shorewall6 start -f' would incorrectly restore
    the saved  configuration.
    * The DropSmurfs and TCPFlags actions are now available in
    Shorewall6. They were previously omitted from the IPv6 
    actions.std file.
    * The 'rawpost' table was previously omitted from the output of 
    the 'dump' command. It is now displayed.
    * Previously, if a configuration contained more than one wildcard
    interface (physical name ending in '+'), then the generated script
    might not work properly with Shorewall-init. This defect dates back
    to the introduction of Shorewall-init.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.25.1 For more details see changelog.txt and
  releasenotes.txt
  * A'refresh' command with no chains or tables specified will
    now reload chains created by entries in the BLACKLIST section of
    the rules file.
  * The rules compiler previously failed to detect the 'Flow
    Filter' capability. That capability is now correctly detected.
  * The IN_BANDWIDTH handling changes in 4.4.25 was incompatible
    with moribund distributions such as RHEL4. Restoring IN_BANDWIDTH
    functionality on those releases required a new 'Basic Filter'
    capability.

• Files Changed
• Browse Source

update to 4.4.25

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.24.1
 
  * When the logical and physical name of an interface were
    different, including the logical name in the tcdevices file
    caused the device's classes to be ignored. This defect was
    introduced in  Shorewall 4.4.23.
  * Remove the ExecReload from all services, since systemd
    doesn't allow an ExecReload for OneShot services. Also, add a
    missing After=network.target to shorewall.service.
- Fixed Url typo in the spec

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.24. For more details see changelog.txt and
  releasenotes.txt
 
  * This release includes all problem corrections from releases
    4.4.23.1-4.4.23.3.
  * The 'fallback' option without =<weight> previously produced
    invalid  'ip' commands.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- reworked systemd related rpm macros for 12.1 
  removed %clean macro

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.23.3
  * When providers were present that specify neither 'balance' nor
    'fallback', then the following message was issued during
    compilation and 'enable' of the interface would fail.

    Use of uninitialized value $weight in concatenation (.) or
    string  at /usr/share/shorewall/Shorewall/Providers.pm line 644.

  * TC_ENABLED=Shared was broken in Shorewall 4.4.23, 4.4.23.1 and
    4.4.23.2. It produced a  shell script with syntax errors.

- Backported patches removed.

• Files Changed
• Browse Source

- Update to 4.4.23.2  For more details see changelog.txt and
  releasenotes.txt
- Support of systemd for openSUSE 12.1
- Backported patches WEIGHT.patch and SHARED.patch fixing a
  harmless message and traffic shaping issues respectively

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 4.4.22.3. Corrections in this release are below.
  * On older distributions where 'shorewall show capabilities'
    indicates 'Connection Tracking Match: Not Available', harmless
    Perl diagnostics like the following could be issued:
        Use of uninitialized value $list in pattern match (m//) 
        at /usr/share/shorewall/Shorewall/Config.pm line 1273,
        <$currentfile> line 14.
        Use of uninitialized value $list in split 
        at /usr/share/shorewall/Shorewall/Config.pm line 1275,
        <$currentfile> line 14.
  * On older distributions where 'shorewall show capabilities'
    indicates 'Mangle FORWARD Chain: Not Available', entries in the
    ecn file generated the following Perl Diagnostic:
        Use of uninitialized value in hash element 
    at /usr/share/shorewall/Shorewall/Chains.pm line 1119.
	
  * Previously, if a provider interface was derived from an optional
    wildcard entry in /etc/shorewall/providers, then the interface
    was never considered to be usable.
    Example:
    /etc/shorewall/interfaces:
    #ZONE    INTERFACE   BROADCAST    OPTIONS
      net ppp+     -  optionsl
    /etc/shorewall/providers:net
    #PROVIDER  NUMBER  MARK  INTERFACE ...
     ISP1   1   1 ppp0 
  * When 'shorewall update' or 'shorewall6 update' results in no change
    to the .conf file, a message is issued, the .bak file is removed
    and the command terminates without error.

• Files Changed
• Browse Source